Chronology of Data Breaches
Security Breaches 2005 - Present

Posted Date: April 20, 2005
Updated Date: December 31, 2013

Is this your first visit to our Chronology of Data Breaches?

  • Read our FAQ about what we define as a breached record, how we calculate the "total" records breached, our data sources, state breach notice laws, studies and other resources

  • Learn how to use our Chronology and take advantage of its sophisticated search and sort features

  • Get our RSS Feed to see when we add new breaches to the list

What would you like to do?


Click or unclick the boxes then select go.


Select features, then click GO.



Help Guide

Can't find the sort feature you're looking for? Click here to download a CSV file of the data breach list as it exisits today.
Breach Total
864,188,052 RECORDS BREACHED
(Please see explanation about this total.)
from 4,252 DATA BREACHES made public since 2005

Save or Print PDF of Entire Breach List including introduction.Save or Print a PDF of Entire Breach List (including introductory FAQ)

Filter breach list before saving or printing PDF. Conduct a search of the Chronology using its sorting features, and Save or Print a PDF of your search results (Select filters)

If you do not have access to PDF, you can print the Chronology in landscape view.

Date Made Publicsort icon Name Entity Type
November 27, 2012 Sourcefire
Columbia, Maryland
BSO PORT

500

The November 6 theft of an unencrypted laptop may have resulted in the exposure of employee Social security numbers.  It is unclear if other types of information were also exposed.  A total of 500 employees may have been affected.  

 
Information Source:
Media
records from this breach used in our total: 500

November 27, 2012 Pulaski Bank
Overland Park, Kansas
BSF PHYS

Unknown

An employee left sensitive loan application documents in a vehicle while at the gym.  The documents were stolen and included loan applicant tax returns. The breach occurred in September.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

November 24, 2012 CHRISTUS St. John Hospital
Houston, Texas
MED PORT

Unknown

An unencrypted flash drive was discovered lost or stolen on September 25.  It contained patient names, Social Security numbers, dates of birth, health insurance information, diagnoses, and progress notes.  The information came from patients who participated in the St. John Sports Medicine Program and were treated between January 1, 2011 and July 31, 2012.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

November 22, 2012 Scripps College
Anaheim, California
EDU PHYS

940 (No SSNs or financial information reported)

Scripps College is located in Claremont, California and the theft took place in Anaheim, California.

Sensitive records were stolen from a tote bag in a staff member's vehicle on the night of November 18.  The records included names, dates of birth, cell phone numbers, email addresses, and emergency contact information.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

November 21, 2012 Oak River Insurance Institute
San Francisco, California
BSF INSD

2,700

An employee disclosed personal information about workers compensation claimants between October 2011 and March 2012.  Workers compensation claimants who received spinal surgery in Southern California between 2004 and 2011 or had urinalysis testing, diagnostics or medical services performed in California between 2006 and 2011 may have had their information exposed.

It does not appear that Social Security numbers or other identifying information exposed were used to compromise the security, confidentiality, or integrity of the personal information. 

UPDATE (11/23/2012): About 2,700 workers' compensation claimants were affected.

 
Information Source:
California Attorney General
records from this breach used in our total: 2,700

November 19, 2012 American Tool Supply (ATS)
Suwanee, Georgia
BSR HACK

617

A hacker gained access to the ATS system and may have accessed financial information.  The attack was discovered on August 1 and financial information was immediately removed from the ATS online system.  

 
Information Source:
California Attorney General
records from this breach used in our total: 617

November 16, 2012 Nationwide Mutual Insurance Company and Allied Insurance
Columbus, Ohio
BSF HACK

1,000,000

Affected Georgia consumers may call 1-800-760-1125. Other consumers with questions may call 1-800-656-2298.

A portion of the computer network used by Nationwide and Allied Insurance agents was breached by cyber criminals on October 3.  The attack was discovered on the same day and contained.  On October 16, it was determined that names, Social Security numbers, driver's license numbers, dates of birth, marital status, gender, occupation, and employer information had been stolen.  Affected parties were identified on November 2 and notifications were sent on November 16.

UPDATE (11/20/2012): At least 28,000 people in Georgia were affected.  The total number of affected people is not known.

UDPATE (12/10/2012): A total of 28,468 people in Georgia, 534 in Oklahoma, 12,490 in South Carolina, 286 in Maryland, 5,050 in California, 91,000 in Iowa, 170 in Hawaii, 8,000 in New Mexico, and 98,191 in Minnesota were affected. This brings the known total to 244,188.  Nationwide/Allied Group reported that the breach compromised the information of one million policyholders and non-policyholders nationwide.

 
Information Source:
California Attorney General
records from this breach used in our total: 1,000,000

November 16, 2012 Landmark Medical Center
Woonsocket, Rhode Island
MED PORT

683

The office theft of a laptop resulted in the exposure of patient information.  A spreadsheet with sensitive information that could be easily accessed was on the stolen laptop. It is unclear what type of information was exposed, but Social Security numbers, addresses, and medical information were not involved.

UPDATE (12/21/2012): A Health and Human Services (HHS) notice reveals that the theft occurred on October 1.  A total of 683 patients were affected by the breach.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 683

November 14, 2012 Highlandtown Community Health Center, Johns Hopkins Hospital
Baltimore, Maryland
MED INSD

250

At least four people were involved in an identity theft ring that affected over 250 people.  One member of the ring was employed by Highlandtown Community Health Center and provided personal and financial patient information that he accessed through his position. The information was used by other ring members to create counterfeit checks and fraudulent state identification cards. The fraud occurred between August and October of 2009.

Another member of the ring was employed by Johns Hopkins Hospital and provided the information of doctors who applied for fellowships there.  Several ring members rented apartments under the identities of doctors. Two of the members pleaded guilty to conspiring to commit wire fraud and aggravated identity theft.  The four members of the ring are required to collectively pay restitution for fraudulently obtained cash, merchandise, and services worth over $188,000.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 250

November 14, 2012 Adobe
San Jose, California
BSO HACK

230 (No SSNs or financial information reported)

A hacker released the names, email addresses, and encrypted passwords of 230 members of Adobe's company database.  The hacker claimed to have access to over 150,000 records.  Adobe announced that it would reset approximately 150,000 passwords of members of the Connectusers.com site.

UPDATE (11/14/2012): The 230 people who were affected also had their titles, affiliated organizations, and usernames exposed.  A number of those affected were associated with U.S. government agencies such as the Department of Transportation, the Department of Homeland Security, the U.S. State Department, and the Federal Aviation Administration.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

November 13, 2012 Sprechman & Associates, P.A.
Miami, Florida
BSF INSD

Unknown

An employee may have performed unauthorized searches on clients.  The employee is no longer with the company.  Names, Social Security numbers, addresses, dates of birth, and driver's license numbers may have been exposed.  The potential breach was discovered in July and clients were notified in October after their contact information was confirmed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

November 13, 2012 National Aeronautics and Space Administration (NASA)
Washington, District Of Columbia
GOV PORT

10,000 (No SSNs or financial information reported)

An October 31 theft of a NASA laptop and sensitive NASA documents from an employee's locked car resulted in the exposure of employee information.  Contractors and other non-employees associated with NASA were also affected.  Employees are encouraged to be suspicious of communication from individuals claiming to be from NASA. It may take up to 60 days to send official notifications to those who were affected.

UPDATE (12/14/2012): Up to 10,000 employees and people associated with NASA may have been affected.  

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

November 13, 2012 Chicago Board of Elections Commissioners
Chicago, Illinois
GOV DISC

1,200 (No SSNs or financial information reported)

The sensitive information of Chicago voters was exposed online due to a mistake by the election authority. A database that included names, the last four digits of Social Security numbers, addresses, and drivers license numbers was accidentally placed online in a publicly accessible place.  Only people who applied to work for the board in Chicago polling places on Election Day were determined to have been affected.  

A forensic investigation firm believes that as many as 1.7 million registered voters had their names, addresses, and voter registration numbers exposed. However the Chicago Board does not believe that information should be considered sensitive.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

November 11, 2012 Labelmaster (American Labelmark Company)
Chicago, Illinois
BSO HACK

Unknown

A hacker accessed the e-commerce site labelmaster.com.  Customer names, addresses, credit card numbers, and credit card expiration dates were exposed.  

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

November 10, 2012 Alere Home Monitoring, Inc.
Livermore, California
MED PORT

100,000

The September 23 theft of an employee's unencrypted laptop resulted in the exposure of information of over 100,000 patients.  The laptop was stolen from the employee's home.  Names, Social Security numbers, addresses, and diagnosis information of patients taking drugs to prevent blood clots were exposed. Alere became aware of the breach on October 1.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 100,000

November 10, 2012 Gulf Coast Health Care Services
Pensacola, Florida
MED INSD

13,000 (No SSNs or financial information reported)

A network security incident resulted in the expose of patient information.  The breach occurred on August 17.

UPDATE (11/26/2012): An employee accessed and downloaded patient information without authorization or a legitimate purpose on five occasions between June 29 and September 20 of 2012.  Gulf Coast Health Care Services discovered the issue on September 26.  Patients who were seen between 1992 and September 20, 2012 may have had their names, addresses, dates of birth, and phone numbers accessed.  It appears that the employee was accessing the data for the purpose of helping outside practitioners recruit patients to their own practices.  The incident was reported to the FBI, the Sarasota Police Department, and the Florida Department of Law Enforcement. 

This entry on the Privacy Rights Clearinghouse Chronology of Data Breaches was previously listed as a hack and was reclassified as an insider breach based on new information.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

November 10, 2012 Baptist Physicians Lexington
Lexington, Kentucky
MED PORT

2,376 (No SSNs or financial information exposed)

A device with patient information was discovered lost or stolen on August 15.  

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

November 10, 2012 Bob Ward & Sons
Bozeman, Montana
BSR HACK

Unknown

The Bob Ward & Sons website was hacked on June 6, 2011.  Customers who made online purchases between May 31 and August 3 of 2012 may have had their names, addresses, and credit card information exposed.  Ward became aware of the issue when he received a notice from Discover that revealed some customers had experienced fraudulent charges.  

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

November 9, 2012 Memorial Hospital
Colorado Springs, Colorado
MED PHYS

6,400 (No SSNs or financial information reported)

Concerned patients may call 1-866-283-9930

Laboratory reports for about 6,400 patients were discovered missing.  The reports contained bill processing information and charges for laboratory services.  Patients who had lab work done between May 1, 2012 and August 31, 2012 had their names, Memorial internal account numbers, lab work dates, and types of lab work exposed.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

November 7, 2012 4Access, National Processing Company
Louisville, Kentucky
BSF HACK

Unknown

An unauthorized person may have gained access to the computer network that supported certain 4Access terminals.  These terminals were connected to a computer network that allowed merchant transaction processing.  The unauthorized entry was discovered on September 24.  Check processing information stored in the network such as check writer's name, checking account and routing numbers, address, and driver's license number may have been accessed. No credit card information was exposed.  

 
Information Source:
California Attorney General
records from this breach used in our total: 0

November 6, 2012 Women & Infants Hospital
Providence, Rhode Island
MED PORT

14,004 (Unknown number of SSNs)

WomenandInfants.org posted a notice: http://www.womenandinfants.org/news/Confidentiality-Notice-for-Patients.cfm

Those with questions may call 1-877-810-7928.

Unencrypted backup tapes containing ultrasound images from ambulatory sites were discovered missing on September 13.  The information was from Providence, Rhode Island between 1993 and 1997 and New Bedford, Massachusetts between 2002 and 2007.  Patient names, dates of birth, dates of exams, physicians' names, and patient ultrasound images were exposed.  A limited number of current and former patients also had their Social Security numbers exposed. Notifications began on November 5.

UPDATE (11/10/2012): A total of 14,004 patients were affected.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

November 5, 2012 Illinois Department of Healthcare and Family Services
Springfield, Illinois
MED PHYS

508

The August 31 theft of a briefcase from the home of a contractor resulted in the exposure of nursing home residents.  The briefcase contained names, Social Security numbers, Medicaid recipient numbers, and dates of birth.  

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 508

November 4, 2012 Symantec, ImageShack
Mountain View, California
BSO HACK

1,000 (No SSNs or financial information exposed)

A hacking spree resulted in unauthorized access to the ImageShack server and a Symantec portal. Names, phone numbers, emails, domains, passwords, usernames, and other information were exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

November 2, 2012 Cornell University
Ithaca, New York
EDU DISC

2,000

Names and Social Security numbers of people associated with Cornell were publicly available for five days.  The information was on a computer in Cornell's athletics department and was accidentally placed online from September 5, 2012 until September 10, 2012.

 
Information Source:
Media
records from this breach used in our total: 2,000

November 1, 2012 Salinas Valley State Prison (SVSP)
Soledad, California
GOV DISC

Unknown

Sensitive staff information on a database file was found to have been accessible to all SVSP staff.  Staff names, Social Security numbers, phone numbers, addresses, and institutional-position information were exposed.  The breach was discovered on September 26 and it is unclear how long the information was available.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

October 30, 2012 HSBC Bank USA National Association
New York, New York
BSF INSD

Unknown

An employee resigned and left with customer account information.  Names, Account numbers, account types, and phone numbers may have been exposed.  The breach occurred in late July.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

October 29, 2012 Kaiser Permanente
Oakland, California
MED DISC

Unknown

Those with questions may call 866-578-5413.

A Kaiser Permanente Northern California Region Recruitment employee mistakenly sent an email to unauthorized parties on August 24.  Former Northern California Kaiser employees who left Kaiser between 1990 and 2006 may have had their names and Social Security numbers exposed. Kaiser IT Security conducted a detailed analysis to confirm that the recipient did not forward or print the email. The analysis also revealed that the email had been deleted and could no longer be accessed.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

October 29, 2012 Massachusetts Eye and Ear Infirmary
Boston, Massachusetts
MED INSD

3,600

A dishonest employee was arrested and fired in March after stealing patient information from Massachusetts Eye and Ear Infirmary.  The former employee opened fake accounts to avoid paying for electricity. The investigation began in January when one of the victims noticed that her Social Security number had been used to open an account.  Names and dates of birth were also compromised.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 3,600

October 29, 2012 Abilene Telco Federal Credit Union, Experian
Abilene, Texas
BSF HACK

847

A hacker or hackers were able to access an Abilene Telco Federal Credit Union employee's computer in September 2011.  The Bank's online account with Experian was then used to download the credit reports of 847 people.  Social Security numbers, dates of birth and detailed financial data were exposed.

 
Information Source:
Dataloss DB
records from this breach used in our total: 847

October 28, 2012 Optimum HealthCare Inc.
Tampa, Florida
MED INSD

32

An Optimum HealthCare claims specialist stole the personal information of at least 32 clients.  The documents information was later found on a man who was arrested after a traffic stop in 2011.  The man who was arrested never worked for Optimum and the dishonest employee who stole the documents is believed to have separated from Optimum.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 32

October 28, 2012 Prescription Monitoring Program
Olympia, Washington
MED UNKN

34

An unauthorized party gained access to a physician's identity in order to view patient records.  A fraudulent account was created under the doctor's identity in the Washington medical system.  Medical information such as drugs dispensed and quantity dispensed may have been accessed before the fraudulent account was shut down.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 34

October 27, 2012 Department of State Bureau of Consular Affairs
Washington, District Of Columbia
GOV INSD

Unknown

A dishonest employee misused sensitive information in a State Department database to obtain fraudulent credit cards.  He was part of a conspiracy sometime during his employment between September 2007 and March 2008.  The group of conspirators successfully obtained $71,774 and attempted to obtain an additional $133,494 in fraudulent transactions.  The dishonest employee pled guilty to conducting illegal transaction with credit cards and agreed to pay $71,774 in restitution.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 26, 2012 Alabama Department of Human Resources, Vinson Guard Service Inc., Jefferson Davis High School
Montgomery, Alabama
BSO UNKN

Unknown

A notice from The United States Attorney's Office Middle District of Alabama can be found here: http://www.justice.gov/usao/alm/programs/vwa/victimnotification.html

An alert stating that the United States Attorney's Office is prosecuting cases related to the theft of personal identifying information and misuse of that personal identifying information was released.  The information was stolen between January 1, 2009 and March 25, 2011.  People from various organizations may have had their information misused to prepare fraudulent tax returns.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

October 26, 2012 South Carolina Department of Revenue
Columbia, South Carolina
GOV HACK

6.4 million 

Citizens concerned about exposure may visit protectmyid.com/scdor and enter the code SCDOR123 or call 1-866-578-5422.

South Carolina Department of Revenue's website was hacked by a foreign hacker.  The hack most likely began on August 27, was discovered on October 10, and was neutralized on October 20.  Around 3.6 million Social Security numbers and 387,999 credit card and debit card numbers were exposed. A total of 16,000 payment card numbers were not encrypted.

UPDATE (10/31/2012): Tax records dating back to 1998 were exposed.  A lawsuit alleging that South Carolina failed to protect citizens of South Carolina and failed to disclose the breach quickly enough was announced on October 31.

UPDATE (11/05/2012): Trustwave was named as the data security contractor who handled the South Carolina website and added to the group being sued over the breach.  Trustwave is an international company based in Chicago.

UPDATE (11/15/2012): Over 4.5 million consumers and businesses may have had their tax records stolen by hackers.  It appears that Trustwave focused on helping the Southern Carolina Department of Revenue comply with regulations regarding how credit card information is handled.  Neither Trustwave nor the Southern Carolina Department of Revenue detected the breach.

UPDATE (11/29/2012): The total number of people or businesses affected was updated to 6.4 million. Approximately 3.8 million taxpayers and 1.9 million of their dependents had their information exposed.  Additionally, 3.3 million tax payers had bank account information obtained.  It is unclear how much overlap there is between the 3.8 million taxpayers and the 3.3 million tax payers who had bank account information obtained.

UPDATE (01/11/2013): A State IT division director reported that the SCDOR's former chief information officer and current computer security chief were notified on August 13 that 22 computers were infected with malicious code.  The State's division of IT recommended that passwords be reset after the discovery, but they were not reset.

UPDATE (03/01/2013): A lawsuit brought against TrustWave and SCDOR by a former state senator has been dismissed by a judge.  The former senator accused the agencies of conspiring to hide the fact that a massive breach had occurred and failing to adequately protect taxpayers from a potential hack.

UPDATE (04/02/2013): About 1,448,798 people signed up for free individual credit monitoring and 41,446 signed up for free family credit monitoring.

UPDATE (10/25/2013): It is estimated that South Carolina taxpayers will pay at least $8.5 million to pay for one year's worth of free credit monitoring to those affected by the data breach.  Over 650,000 businesses had their tax information exposed.

 
Information Source:
Media
records from this breach used in our total: 6,400,000

October 25, 2012 Waipahu Aloha Clubhouse
Waipahu, Hawaii
MED HACK

600 (No SSNs or financial information exposed)

An employee noticed unusual activity on a computer on September 25, 2012.  It is possible that former and current members of the Waipahu Aloha Clubhouse had information on the computer that was remotely accessed by an unauthorized party.  Names, Social Security numbers, dates of birth, addresses, phone numbers, and consumer record numbers dating back to 1997 may have been exposed. Though the Clubhouse services people living with severe and persistent mental illness, no medical records were exposed.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

October 25, 2012 L&D Chinese Buffet
Butte, Montana
BSR INSD

Unknown

Two dishonest employees misused customer credit card information to make more than $26,000 in fraudulent purchases.  The two men face a maximum of 10 years in prison and a $50,000 fine for each of six counts of deceptive practices. The men were arrested on July 29.  

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 24, 2012 Barnes & Noble
New York, New York
BSR CARD

Unknown

Concerned customers may call 1-888-471-7809 or visit www.barnesandnobleinc.com

PIN pad devices used to process credit and debit card information in stores were compromised.  The breach was discovered around September 14 during maintenance and inspection of the devices.  Anyone who used a credit or debit card at a Barnes & Noble may have been affected by a sophisticated criminal effort to steal that information.  Names, payment card account numbers, and PINs may have been exposed.  Barnes & Noble removed all PIN pads. Fewer than 1% of the inspected PIN pads had been affected.

UPDATE (10/24/2012): A total of 63 Barnes and Noble stores in nine states had at least one compromised PIN pad device.  Malicious code was installed on the PIN pads.

UPDATE (09/05/2013): A federal judge ruled that customers failed to show that their personal information was stolen in the data breach.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

October 24, 2012 Vermont State Employee's Credit Union (VSECU)
Montplier, Vermont
BSF PORT

Unknown

Two unencrypted backup tapes were discovered missing on September 10.  They were lost sometime between August 27, and September 10.  Names, Social Security numbers, financial account information, driver's license numbers, and transaction records were exposed.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 24, 2012 Aultman Hospital
Canton, Ohio
MED HACK

Unknown

People who made purchases at Aultman Hospital's gift shop may call 330-363-5319.

Hardware at Aultman was discovered to have been infected by a cyber attack.  Unauthorized parties may have been able to access credit and debit card information from Aultman gift shop purchases between February and September of 2012.  

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 22, 2012 L.A. Care Health Plan
Los Angeles, California
MED PHYS

18,000 (No Social Security numbers or financial information reported)

A mailing error caused ID cards to be mailed to the wrong members.  The cards were mailed on September 17, 2012 and the problem was discovered on September 18, 2012.  Names, member ID numbers, and dates of birth were exposed.

UPDATE (05/21/2013): A total of 18,000 people were affected.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

October 22, 2012 Office of Dr. Philip P. Corneliuson
Fresno, California
MED STAT

Unknown

Those with questions may call (559) 261-0185.

An office burglary resulted in the theft of a computer.  The incident was discovered on September 15, 2012.  Patient names and Social Security numbers were on the computer.

UPDATE (10/24/2012): The computer contained medical records and insurance information.

 
Information Source:
California Attorney General
records from this breach used in our total: 0

October 22, 2012 UPMC
Monroeville, Pennsylvania
GOV DISC

Unknown

An assistant police chief filed a complaint alleging that the chief of policed breached federal privacy law.  The complaint alleges that the chief of police received information about ambulance dispatches that was primarily intended for paramedics and other active first responders.  He also claims the chief of police forwarded the information to a third party.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 0

October 22, 2012 Compete Inc
Boston, Massachusetts
BSO DISC

Unknown

Compete Inc. reached an agreement with the Federal Trade Commission regarding the collection of consumer information. Compete agreed to obtain end users' consent before collecting future online browsing data.  Compete will also delete or anonymize consumer data already collected and provide direction for removing tracking software installed on the computers of those who had their data collected.

FTC charged that Compete failed to adequately describe two products used to collect details about end users' browsing habits.  A toolbar and input panel were used to collect extensive information about consumer activities and transmit the information in clear readable text to Compete's servers.  All websites visited by, links followed by, and advertisements displayed to Compete consumers were collected and stored.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 19, 2012 Sierra Plastic Surgery
Reno, Nevada
MED HACK

800 (25 cases of sensitive payment or SSN information)

Patients with questions or concerns about their information may call Sierra Plastic Surgery's hotline at (866) 979-2596.

A computer system error caused sensitive information to be exposed.  The breach occurred sometime between August 19, 2011 and September 20, 2011.

UPDATE (11/28/2012): It appears that the breach was related to a terminated employee who could still access Sierra Plastic Surgery's network after leaving the company.  The former employee accessed Social Security numbers, personal contact information, payment information, and other sensitive information in less than 50 instances.  It also appears that some copies of patient surgery estimates were printed and subsequently surrendered by the former employee when the breach was discovered in August of 2012.  The former employee was seeking information on compensation owed.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 25

October 19, 2012 Valley Plastic Surgery, P.C.
harrisonburg, Virginia
MED PORT

4,873 (No SSNs or financial information reported)

The July 15 theft of an electronic device exposed patient information.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

October 19, 2012 Ecco Health, LLC, Colon & Digestive Health Specialists
Scottsdale, Arizona
MED PORT

5,713 (No SSNs or financial information reported)

A vendor working with patient data for digital conversion from Colon & Digestive lost a flash drive on or around July 16.  It contained patient names, Social Security numbers, dates of birth, addresses, telephone numbers, account numbers, diagnoses, and other protected health information.

 
Information Source:
HHS via PHIPrivacy.net
records from this breach used in our total: 0

October 19, 2012 U.S. National Weather Service, Weather.gov
Silver Spring, Maryland
GOV HACK

Unknown

Hackers targeted the U.S. National Weather Service website Weather.gov in an attempt to exploit vulnerabilities in U.S. government online systems.  The hackers claim to have begun a campaign in response to U.S. cyber attacks in Muslim nations.  Partial login credentials and system and network configuration files were accessed and posted online.

 
Information Source:
Dataloss DB
records from this breach used in our total: 0

October 19, 2012 The College of St. Scholastica
Duluth, Minnesota
EDU HACK

28 (No SSNs or financial information exposed)

Hackers were able to guess the answers to student account challenge questions.  The email account passwords of at least 28 students were reset and their account information was most likely accessed. The hackers may have been based in Beijing and most likely gathered the information needed to pass the challenge questions from information on the students' Facebook pages.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

October 18, 2012 Blount memorial Hospital
Maryville, Tennessee
MED PORT

27,000 (5,000 SSNs reported)

A password-protected laptop was stolen from an employee's home on August 25.  It contained two groups of patient data.  Patient names, dates of birth, responsible party names, patient addresses, physician names, and billing information for 22,000 patients were on the laptop. An additional 5,000 patients had similar information exposed as well as their Social Security numbers and other non-medical information.

 
Information Source:
PHIPrivacy.net
records from this breach used in our total: 5,000

October 18, 2012 Southern Environmental Law Center
Charlottesville, Virginia
NGO HACK

Unknown

Sensitive information from Southern Environmental Law Center was placed online.  Credit card, medical, and donor information such as addresses, phone numbers, and client files were exposed.  The data was accessible via Google search for an unspecified amount of time.  Southern Environmental Law Center is warning people not to open emails about the security failure or click on any links in emails that appear to be from Southern Environmental Law Center.

 
Information Source:
Databreaches.net
records from this breach used in our total: 0

Breach Total
864,188,052 RECORDS BREACHED
(Please see explanation about this total.)
from 4,252 DATA BREACHES made public since 2005
Showing 751-800 of 4252 results


X

Sign In!

Loading